fkie_cve-2024-56543
Vulnerability from fkie_nvd
Published
2024-12-27 14:15
Modified
2024-12-27 14:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: Skip Rx TID cleanup for self peer
During peer create, dp setup for the peer is done where Rx TID is
updated for all the TIDs. Peer object for self peer will not go through
dp setup.
When core halts, dp cleanup is done for all the peers. While cleanup,
rx_tid::ab is accessed which causes below stack trace for self peer.
WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851
Call Trace:
__warn+0x7b/0x1a0
ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]
report_bug+0x10b/0x200
handle_bug+0x3f/0x70
exc_invalid_op+0x13/0x60
asm_exc_invalid_op+0x16/0x20
ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]
ath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k]
ath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k]
ath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k]
ath12k_core_halt+0x3b/0x100 [ath12k]
ath12k_core_reset+0x494/0x4c0 [ath12k]
sta object in peer will be updated when remote peer is created. Hence
use peer::sta to detect the self peer and skip the cleanup.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Skip Rx TID cleanup for self peer\n\nDuring peer create, dp setup for the peer is done where Rx TID is\nupdated for all the TIDs. Peer object for self peer will not go through\ndp setup.\n\nWhen core halts, dp cleanup is done for all the peers. While cleanup,\nrx_tid::ab is accessed which causes below stack trace for self peer.\n\nWARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851\nCall Trace:\n__warn+0x7b/0x1a0\nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]\nreport_bug+0x10b/0x200\nhandle_bug+0x3f/0x70\nexc_invalid_op+0x13/0x60\nasm_exc_invalid_op+0x16/0x20\nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]\nath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k]\nath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k]\nath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k]\nath12k_core_halt+0x3b/0x100 [ath12k]\nath12k_core_reset+0x494/0x4c0 [ath12k]\n\nsta object in peer will be updated when remote peer is created. Hence\nuse peer::sta to detect the self peer and skip the cleanup.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: Omitir desinfecci\u00f3n de TID de Rx para peer propio Durante la creaci\u00f3n del peer, se realiza la configuraci\u00f3n de dp para el peer donde se actualiza el TID de Rx para todos los TID. El objeto peer para el peer propio no pasar\u00e1 por la configuraci\u00f3n de dp. Cuando el n\u00facleo se detiene, se realiza la desinfecci\u00f3n de dp para todos los peers. Durante la desinfecci\u00f3n, se accede a rx_tid::ab, lo que provoca el siguiente seguimiento de pila para el peer propio. ADVERTENCIA: CPU: 6 PID: 12297 en drivers/net/wireless/ath/ath12k/dp_rx.c:851 Seguimiento de llamadas: __warn+0x7b/0x1a0 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] report_bug+0x10b/0x200 handle_bug+0x3f/0x70 exc_invalid_op+0x13/0x60 asm_exc_invalid_op+0x16/0x20 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] ath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k] ath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k] ath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k] ath12k_core_halt+0x3b/0x100 [ath12k] ath12k_core_reset+0x494/0x4c0 [ath12k] El objeto sta en el peer se actualizar\u00e1 cuando se cree el peer remoto. Por lo tanto, use peer::sta para detectar el peer propio y omitir la desinfecci\u00f3n. Probado en: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Probado en: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3"
}
],
"id": "CVE-2024-56543",
"lastModified": "2024-12-27T14:15:34.020",
"metrics": {},
"published": "2024-12-27T14:15:34.020",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/1a0c640ce1cdcde3eb131a0c1e70ca1ed7cf27cb"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/a052483d495a4dc62c814f2fd17d0ceb308fc6a6"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/a1e2d6738b29c74c2024eb23167dfff68aadd984"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/d73da0dd2853887b7aab71f0d572fd3314dafafe"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.